Process sensor issues continue to be ignored and are placing the country at extreme risk

June 1, 2021
A recent NERC Lessons Learned event discussed a 2019 event where a combined cycle power plant in Florida suffered significant load oscillations because a sensor provided erroneous input to the steam turbine controller. The controller reacted by cycling the turbine resulting in 200MW load swings (see Max 737 plane crashes). These oscillations caused a 0.25Hz impact on the entire Eastern Interconnect and resulted in a 50 MW load swing in New England (local failure affects entire interconnected systems similar to Colonial Pipelines). Like the 2008 Florida outage, there was no mention of the event being a cyber incident. There is no cyber security, authentication, or cyber logging in the sensor. Moreover, process sensors are out-of-scope for the NERC CIPs and NERC Supply Chain issues. The lack of process sensor authentication is also key to being able to address the Chinese transformers with hardware backdoors. 

In preparing for my keynotes and panel sessions next week, July 8-9 (follow-on blog), I found a recent NERC Lessons Learned event of a combined cycle power plant in Florida that suffered significant load oscillations. In this January 2019 event, a single potential transformer (PT) sensor provided input to the steam turbine controller in the power plant. However, the sensor was providing bad data and the controller reacted accordingly by cycling the turbine resulting in 200MW load swings (see Max 737 plane crashes). These oscillations caused a 0.25Hz impact on the entire Eastern Interconnect and resulted in a 50 MW load swing in New England (local failure affects entire interconnected systems similar to Colonial Pipelines). Like the 2008 Florida outage, there was no mention of the event being a cyber incident even though it was a sensor communicating to a control system that cycled a valve with the impact affecting the interconnected grid. I don’t know if the PT sensor was analog or digital, but in either case, there is no cyber security, authentication, or cyber logging. Moreover, process sensors are out-of-scope for the NERC CIPs and NERC Supply Chain issues. The lack of process sensor authentication is also key to being able to address the Chinese transformers with hardware backdoors. There have been more than 350 control system cyber incidents in the North American electric system to date with 5 causing outages affecting at least 96,000 customers. The utility industry has work to do when it comes to treating cyber security and reliability/safety as inter-related tasks.

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.